47 matches found
CVE-2016-8712
An exploitable nonce reuse vulnerability exists in the Web Application functionality of Moxa AWK-3131A Wireless AP running firmware 1.1. The device uses one nonce for all session authentication requests and only changes the nonce if the web application has been idle for 300 seconds...
PT-2017-9755 · Moxa · Moxa Awk-3131A Wireless Ap
Name of the Vulnerable Software and Affected Versions: Moxa AWK-3131A Wireless AP version 1.1 Description: An exploitable nonce reuse vulnerability exists in the Web Application functionality. The device uses one nonce for all session authentication requests and only changes the nonce if the web...
RHEL 6 : rhev-hypervisor (RHSA-2015:1713)
Updated rhev-hypervisor packages that fix multiple security issues, several bugs, and add various enhancements are now available. Red Hat Product Security has rated this update as having Important security impact. Common Vulnerability Scoring System CVSS base scores, which give detailed severity...
RHEV-M: webadmin automatic logout fails if VM is selected
It was found that the idle timeout in the Red Hat Enterprise Virtualization Manager Web Admin interface failed to log out a session if a VM has been selected in the VM grid view. This could allow a local attacker to access the web interface if it was left unattended...
Input validation
The protocol-inspection feature on Cisco Adaptive Security Appliances ASA devices does not properly implement the idle timeout, which allows remote attackers to cause a denial of service connection-table exhaustion via crafted requests that use an inspected protocol, aka Bug ID CSCuh13899...
PT-2013-4414 · Cisco · Cisco Asa
Name of the Vulnerable Software and Affected Versions: Cisco Adaptive Security Appliance ASA Software affected versions not specified Description: The issue is related to the protocol-inspection feature on Cisco Adaptive Security Appliances ASA devices, which does not properly implement the idle...
CVE-2013-3568 - Linksys CSRF + Root Command Injection
Hi list, I would like to inform you that the latest available Linksys WRT110 firmware is prone to root shell command injection via cross-site request forgery. This vulnerability is the result of the web interface's failure to sanitize ping targets as well as a lack of csrf tokens. Linksys/Belkin...